From 5766dc98c1a4bf8bc2c523858b83d5c2d310e26d Mon Sep 17 00:00:00 2001 From: Ralph Siemsen Date: Fri, 11 Mar 2022 11:58:55 -0500 Subject: libxml2: update to 2.9.13 - new version includes fix for CVE-2022-23308 - drop patche which was upstream - refresh patch (From OE-Core rev: d687f1ac2017a1cc94ac4733cd46755d5aabd120) Signed-off-by: Ralph Siemsen Signed-off-by: Richard Purdie --- .../libxml2/0002-Work-around-lxml-API-abuse.patch | 213 --------------------- .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 16 +- 2 files changed, 6 insertions(+), 223 deletions(-) delete mode 100644 meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch (limited to 'meta/recipes-core/libxml/libxml2') diff --git a/meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch b/meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch deleted file mode 100644 index f09ce9707a..0000000000 --- a/meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch +++ /dev/null @@ -1,213 +0,0 @@ -From 85b1792e37b131e7a51af98a37f92472e8de5f3f Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Tue, 18 May 2021 20:08:28 +0200 -Subject: [PATCH] Work around lxml API abuse - -Make xmlNodeDumpOutput and htmlNodeDumpFormatOutput work with corrupted -parent pointers. This used to work with the old recursive code but the -non-recursive rewrite required parent pointers to be set correctly. - -Unfortunately, lxml relies on the old behavior and passes subtrees with -a corrupted structure. Fall back to a recursive function call if an -invalid parent pointer is detected. - -Fixes #255. - -Upstream-Status: Backport [85b1792e37b131e7a51af98a37f92472e8de5f3f] ---- - HTMLtree.c | 46 ++++++++++++++++++++++++++++------------------ - xmlsave.c | 31 +++++++++++++++++++++---------- - 2 files changed, 49 insertions(+), 28 deletions(-) - -diff --git a/HTMLtree.c b/HTMLtree.c -index 24434d45..bdd639c7 100644 ---- a/HTMLtree.c -+++ b/HTMLtree.c -@@ -744,7 +744,7 @@ void - htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, - xmlNodePtr cur, const char *encoding ATTRIBUTE_UNUSED, - int format) { -- xmlNodePtr root; -+ xmlNodePtr root, parent; - xmlAttrPtr attr; - const htmlElemDesc * info; - -@@ -755,6 +755,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, - } - - root = cur; -+ parent = cur->parent; - while (1) { - switch (cur->type) { - case XML_HTML_DOCUMENT_NODE: -@@ -762,13 +763,25 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, - if (((xmlDocPtr) cur)->intSubset != NULL) { - htmlDtdDumpOutput(buf, (xmlDocPtr) cur, NULL); - } -- if (cur->children != NULL) { -+ /* Always validate cur->parent when descending. */ -+ if ((cur->parent == parent) && (cur->children != NULL)) { -+ parent = cur; - cur = cur->children; - continue; - } - break; - - case XML_ELEMENT_NODE: -+ /* -+ * Some users like lxml are known to pass nodes with a corrupted -+ * tree structure. Fall back to a recursive call to handle this -+ * case. -+ */ -+ if ((cur->parent != parent) && (cur->children != NULL)) { -+ htmlNodeDumpFormatOutput(buf, doc, cur, encoding, format); -+ break; -+ } -+ - /* - * Get specific HTML info for that node. - */ -@@ -817,6 +830,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, - (cur->name != NULL) && - (cur->name[0] != 'p')) /* p, pre, param */ - xmlOutputBufferWriteString(buf, "\n"); -+ parent = cur; - cur = cur->children; - continue; - } -@@ -825,9 +839,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, - (info != NULL) && (!info->isinline)) { - if ((cur->next->type != HTML_TEXT_NODE) && - (cur->next->type != HTML_ENTITY_REF_NODE) && -- (cur->parent != NULL) && -- (cur->parent->name != NULL) && -- (cur->parent->name[0] != 'p')) /* p, pre, param */ -+ (parent != NULL) && -+ (parent->name != NULL) && -+ (parent->name[0] != 'p')) /* p, pre, param */ - xmlOutputBufferWriteString(buf, "\n"); - } - -@@ -842,9 +856,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, - break; - if (((cur->name == (const xmlChar *)xmlStringText) || - (cur->name != (const xmlChar *)xmlStringTextNoenc)) && -- ((cur->parent == NULL) || -- ((xmlStrcasecmp(cur->parent->name, BAD_CAST "script")) && -- (xmlStrcasecmp(cur->parent->name, BAD_CAST "style"))))) { -+ ((parent == NULL) || -+ ((xmlStrcasecmp(parent->name, BAD_CAST "script")) && -+ (xmlStrcasecmp(parent->name, BAD_CAST "style"))))) { - xmlChar *buffer; - - buffer = xmlEncodeEntitiesReentrant(doc, cur->content); -@@ -902,13 +916,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, - break; - } - -- /* -- * The parent should never be NULL here but we want to handle -- * corrupted documents gracefully. -- */ -- if (cur->parent == NULL) -- return; -- cur = cur->parent; -+ cur = parent; -+ /* cur->parent was validated when descending. */ -+ parent = cur->parent; - - if ((cur->type == XML_HTML_DOCUMENT_NODE) || - (cur->type == XML_DOCUMENT_NODE)) { -@@ -939,9 +949,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, - (cur->next != NULL)) { - if ((cur->next->type != HTML_TEXT_NODE) && - (cur->next->type != HTML_ENTITY_REF_NODE) && -- (cur->parent != NULL) && -- (cur->parent->name != NULL) && -- (cur->parent->name[0] != 'p')) /* p, pre, param */ -+ (parent != NULL) && -+ (parent->name != NULL) && -+ (parent->name[0] != 'p')) /* p, pre, param */ - xmlOutputBufferWriteString(buf, "\n"); - } - } -diff --git a/xmlsave.c b/xmlsave.c -index 61a40459..aedbd5e7 100644 ---- a/xmlsave.c -+++ b/xmlsave.c -@@ -847,7 +847,7 @@ htmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { - static void - xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { - int format = ctxt->format; -- xmlNodePtr tmp, root, unformattedNode = NULL; -+ xmlNodePtr tmp, root, unformattedNode = NULL, parent; - xmlAttrPtr attr; - xmlChar *start, *end; - xmlOutputBufferPtr buf; -@@ -856,6 +856,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { - buf = ctxt->buf; - - root = cur; -+ parent = cur->parent; - while (1) { - switch (cur->type) { - case XML_DOCUMENT_NODE: -@@ -868,7 +869,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { - break; - - case XML_DOCUMENT_FRAG_NODE: -- if (cur->children != NULL) { -+ /* Always validate cur->parent when descending. */ -+ if ((cur->parent == parent) && (cur->children != NULL)) { -+ parent = cur; - cur = cur->children; - continue; - } -@@ -887,7 +890,18 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { - break; - - case XML_ELEMENT_NODE: -- if ((cur != root) && (ctxt->format == 1) && (xmlIndentTreeOutput)) -+ /* -+ * Some users like lxml are known to pass nodes with a corrupted -+ * tree structure. Fall back to a recursive call to handle this -+ * case. -+ */ -+ if ((cur->parent != parent) && (cur->children != NULL)) { -+ xmlNodeDumpOutputInternal(ctxt, cur); -+ break; -+ } -+ -+ if ((ctxt->level > 0) && (ctxt->format == 1) && -+ (xmlIndentTreeOutput)) - xmlOutputBufferWrite(buf, ctxt->indent_size * - (ctxt->level > ctxt->indent_nr ? - ctxt->indent_nr : ctxt->level), -@@ -942,6 +956,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { - xmlOutputBufferWrite(buf, 1, ">"); - if (ctxt->format == 1) xmlOutputBufferWrite(buf, 1, "\n"); - if (ctxt->level >= 0) ctxt->level++; -+ parent = cur; - cur = cur->children; - continue; - } -@@ -1058,13 +1073,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) { - break; - } - -- /* -- * The parent should never be NULL here but we want to handle -- * corrupted documents gracefully. -- */ -- if (cur->parent == NULL) -- return; -- cur = cur->parent; -+ cur = parent; -+ /* cur->parent was validated when descending. */ -+ parent = cur->parent; - - if (cur->type == XML_ELEMENT_NODE) { - if (ctxt->level > 0) ctxt->level--; --- -2.32.0 - diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch index a5c112db7b..d211f65da3 100644 --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch @@ -22,11 +22,11 @@ Signed-off-by: Tony Tascioglu libxml.m4 | 190 ++---------------------------------------------------- 1 file changed, 5 insertions(+), 185 deletions(-) -diff --git a/libxml.m4 b/libxml.m4 -index 09de9fe2..1c535853 100644 ---- a/libxml.m4 -+++ b/libxml.m4 -@@ -1,192 +1,12 @@ +Index: libxml2-2.9.13/libxml.m4 +=================================================================== +--- libxml2-2.9.13.orig/libxml.m4 ++++ libxml2-2.9.13/libxml.m4 +@@ -1,191 +1,12 @@ -# Configure paths for LIBXML2 -# Simon Josefsson 2020-02-12 -# Fix autoconf 2.70+ warnings @@ -151,9 +151,8 @@ index 09de9fe2..1c535853 100644 - { - printf("\n*** An old version of libxml (%d.%d.%d) was found.\n", - xml_major_version, xml_minor_version, xml_micro_version); -- printf("*** You need a version of libxml newer than %d.%d.%d. The latest version of\n", +- printf("*** You need a version of libxml newer than %d.%d.%d.\n", - major, minor, micro); -- printf("*** libxml is always available from ftp://ftp.xmlsoft.org.\n"); - printf("***\n"); - printf("*** If you have already installed a sufficiently new version, this error\n"); - printf("*** probably means that the wrong copy of the xml2-config shell script is\n"); @@ -224,6 +223,3 @@ index 09de9fe2..1c535853 100644 - AC_SUBST(XML_LIBS) - rm -f conf.xmltest ]) --- -2.7.4 - -- cgit v1.2.3-54-g00ecf